Using Operational Technology Vulnerability Response

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Operational Technology Vulnerability Response

    The Operational Technology Vulnerability Response (OTVR) application is designed for managing vulnerabilities in operational technology within the Industrial Workspace. After completing initial setup tasks, including the importation of vulnerable items, users can access various tools and dashboards to track and manage vulnerabilities effectively.

    Show full answer Show less

    Key Features

    • OTVR (PA) Dashboard: This dashboard allows users to monitor the volume, performance, and progress of vulnerable items. Reports can be filtered by assignment group, exploits, risk rating, and state for better insight into vulnerability exposure.
    • OT Vulnerability Risk Rollup Dashboard: Contains tables that display vulnerability risk scores for equipment model entities and OT devices without assigned sites.
    • List Menu: Users can view OT Vulnerable Item records and remediation tasks assigned to them or their groups, including all exception requests.
    • Equipment Model Menu: Enables viewing and creating remediation tasks for OT devices linked to equipment model entities.
    • Hardware Vulnerability Assessment: Manage vulnerability assessments for OT device firmware with tabs for fully matched, partially matched, vulnerable items, ignored assessments, and awaiting normalization.
    • Remediation Task Management: Users can create, defer, split, and view remediation tasks associated with OT vulnerable items.
    • Compensating Controls: Provides alternative security measures when immediate patching of vulnerabilities is not feasible.

    Key Outcomes

    By utilizing the OTVR application, ServiceNow customers can effectively track and manage vulnerabilities in their operational technology environments. This leads to enhanced security posture, reduced exposure to risks, and improved compliance with safety and regulatory standards. Users can expect a streamlined process for handling vulnerabilities, including the ability to defer tasks and request exceptions when necessary.

    After you complete all required set up tasks, including importing vulnerable items from a third-party integration, you can use the Operational Technology Vulnerability Response application from the Industrial Workspace.

    Industrial Workspace

    To use Operational Technology Vulnerability Response, access the following landing page and menus from the Industrial Workspace.

    For more information on the Industrial Workspace, see Industrial Workspace.

    OTVR (PA) dashboard in the Industrial Workspace

    Use the OTVR (PA) dashboard to track the volume, performance, and progress of your vulnerable items from the initial analysis and detection to the containment, or remediation. You can filter the reports by the assignment group, exploits, risk rating, or state to get insight into your vulnerability exposure and the services that are affected.

    For more information about the OTVR (PA) dashboard, see Operational Technology Vulnerability Response (PA) dashboard

    OT Vulnerability Risk Rollup dashboard overview

    The Operational Technology (OT) Vulnerability Risk Rollup dashboard contains two tables for your vulnerability risk scores.
    • Vulnerability risk table for your equipment model entities
    • Vulnerability risk table for OT devices with no site assigned

    List menu

    Use the List menu to view all OT Vulnerable Item records that you have access to and remediation tasks that have either been assigned to you or to an assignment group that you are a member of.
    • OT Remediation Tasks
      • Assigned to me
      • Assigned to my groups
    • OT Vulnerable Items
      • Assigned to me
      • Assigned to my groups
      • My Exception Requests
      • All Exceptions
        Note:
        The All Exceptions list also shows exceptions with a Rejected state.

    Navigate to records under the OT Remediation Tasks or OT Vulnerable Items list menus to get more OT-related context. To view the history of the record, you can view the Activity window in the record where various work notes, comments, and record updates are captured. You can also add new comments or work notes in the Compose window.

    For more information about remediation tasks, see Create a remediation task.

    For more information on how to use the List view in the Industrial Workspace for Operational Technology Vulnerability Response, see Use the List view in the IT Remediation Workspace.

    Equipment model menu

    Use the Equipment Model Manager to view OT vulnerable items, and view and create remediation tasks associated with OT devices that are mapped to an equipment model entity.

    Hardware Vulnerability Assessment

    Use the Hardware Vulnerability Assessment menu to view and manage the vulnerabilities assessments that have performed on the firmwares of the OT devices in the inventory.

    Use the following tabs in the Hardware Vulnerability Assessment menu to view all the assessments records and the vulnerable items that are created automatically:
    • Fully matched assessments
    • Partially matched assessments
    • Vulnerable items
    • Ignored assessments
    • Awaiting Normalization